Skip to content

Commit 8ed4ae4

Browse files
passaropassaro
authored
Update CRT submodules to latest releases (#1744)
Update the CRT submodules to the latest releases. <details> <summary>Full CRT changelog:</summary> ``` Submodule mountpoint-s3-crt-sys/crt/aws-c-auth ab03bdd9..a4409b95: > Add proxy settings for profile credential provider (#285) > Add proxy config for credential providers (#281) > swap to use aws_ecc_decode_signature_der_to_raw_padded for login provider (#279) > add aws login provider (#278) > create a common base for http client, migrate sso (#276) Submodule mountpoint-s3-crt-sys/crt/aws-c-cal 3c6d901a..1cb94121: > Support static buffers in ecc signature helpers (#243) > Add helper to convert signature to padded r and s pair (#242) > Fix byo for ecc from asn1 (#241) > Relax EC keygen to work on all platforms (#240) > Remove skip test (#239) > Move Linux from openssl_hkdf to ref_hkdf (#238) > Fix warning when using cpp compiler (#236) > Add functions for sha512 hmac hkdf (#234) > SHA512 HMAC (#233) > Export logic for ec keys (#232) > Refactor ec key import (#229) > Add helpers for encoding/decoding der ecdsa signatures to raw (#230) Submodule mountpoint-s3-crt-sys/crt/aws-c-common 31578beb..95515a8b: > Base64url support (#1229) > Add va_end call (#1228) > Remove no-op from CMakeLists.txt (#1226) > Extend Platform Helper Functions (#1225) > Remove apple-specific pthread_getname compile definition (#1224) Submodule mountpoint-s3-crt-sys/crt/aws-c-compression f951ab2b..d8264e64: > change stale issue and discussion handling to run once a week (#76) > Remove Windows 2019 and add Windows 2025 with MSVC-17 (#74) > make exports consistent (#73) Submodule mountpoint-s3-crt-sys/crt/aws-c-http ce0d6562..acf31399: > Revert "Fix CI issues" (#542) > Automate the renew of the cert used in test (#540) > Add helper to check for transient errors (#537) > update cert as it's expired (#539) > Fix CI issues (#538) > Configurable ports for HTTP/1.1 mock server (#535) > Update mock server (#534) > Add no_proxy_hosts configuration to proxy options/config. (#532) > Move away from https://postman-echo.com (#533) > Fix warnings found by the Undefined Behavior Sanitizer (#530) > change stale issue and discussion handling to run once a week (#529) Submodule mountpoint-s3-crt-sys/crt/aws-c-io 8906a02c..d5ad01ce: > Return error on using tls13 on macOS (#788) > change to net test case (#789) > Revert to commit 4c48e60 (#787) > Fix compilation warnings (#783) > Add helper to check for transient errors (#782) > macOS dispatch queue and secitem (#758) > Fix typos for DSA (#768) > Disable clang-9 CI job (#780) > Clean up cond var after all referencing threads are joined (#772) > Thread name too long on CPU with more than 100 cores (#770) > Expose Event Loop Type of ELG (#765) > Correct PQ-opt-out s2n policy (#759) Submodule mountpoint-s3-crt-sys/crt/aws-c-s3 332dd22c..e9d1bde: > [fix]S3express backpressure (#612) > Revert "Skip test on Apple" (#611) > Auto - Update S3 Ruleset & Partition (#610) > Skip test on Apple (#606) > Update rule set (#599) > regression test for wrong assertion (#605) > don't crash for server error. Handle it nicely (#604) > disable hedging for s3 express (#602) > fix the read window update from the same thread (#601) > Delivery exact bytes for read window (#600) > Accept memory limit setting from envrionment variable (#598) > Fix the deadlock for pause/cancel (#596) > fix compiler warnings (#593) > Dynamic default part size (#575) > Auto - Update S3 Ruleset & Partition (#590) > Auto - Update S3 Ruleset & Partition (#585) > Add new metrics (#578) > Auto - Update S3 Ruleset & Partition (#583) Submodule mountpoint-s3-crt-sys/crt/aws-checksums 9978ba2c..270b15ac: > Add combine functions for crc32/64 (#109) > change stale issue and discussion handling to run once a week (#106) Submodule mountpoint-s3-crt-sys/crt/aws-lc e0ee14ec..728811ee: > Prepare v1.66.2 (#2930) > Fix ppc64le; Improve platform detection (#2926) > Replace password string with proper class (#2925) > Consolidate FORMAT_DER/PEM in tool-openssl (#2929) > fix(target): fix mipseb 64bit compile (#2923) > Add randomized unit testing for EVP_CIPHERs (#2922) > Remove pkcs8 expected in test (#2924) > Fix the libwebsockets integration test script (#2912) > Fix incorrect assembler directive in AArch64 code (#2910) > Speed up legacy AVX CI (#2876) > Prepare v1.66.1 (#2918) > ML-DSA: Missing Private Key Validation Checks (#2874) > Fix extension processing order in x509 cli (#2916) > Add stdin support for pkcs8 tool (#2915) > Add openssl genpkey cli utility tool (#2907) > Remove OPENSSL_NO_BF for real (#2914) > Fix socat integration test (#2911) > Iterate through all DNS entries in connect CLI (#2906) > Prepare v1.66.0 release (#2900) > Implement enc CLI (#2877) > Several CLI Fixes (#2898) > [tool-openssl] basic asn1parse support (#2882) > Remove rsa expected in test (#2901) > Support stdin for openssl rsa tool (#2899) > Blowfish OFB Block Cipher Mode Support (#2892) > Run ACCP integration tests on aarch64 (#2894) > Bump urllib3 from 2.5.0 to 2.6.0 in /tests/ci (#2886) > Add RSA_X931_PADDING to rsa.h (#2889) > tool-openssl: pkcs8 error output on decrypt (#2883) > Fix openssl comparison tests (#2888) > Add sha1 CLI (#2885) > Route ML-DSA ACVP to the right APIs (#2884) > Add support for external contexts in ML-DSA ACVP (#2880) > Clarify comments and API behaviour for equal-preference for TLS 1.3 (#2873) > Add encap/decapKeyCheck support in ACVP (#2872) > Prepare v1.65.1 (#2870) > Move dk to Tests in ML-KEM ACVP (#2867) > Add support for HMAC-SHA3 to ACVP tool (#2866) > Add ACVP support for AES CFB128 (#2861) > Replicate OpenSSL 1.1.1 behavior for BIO_s_mem BIO_NOCLOSE (#2864) > Verify size of mlen in ML-DSA external mu mode (#2841) > Add conversion and traceability for third-party test vectors (#2839) > Add EVP_bf_cfb64 (#2851) > Exclude .git from source size metric reporting (#2858) > Fix AWS-LC Analytics Job (#2855) > s_client: Add TLS 1.2 and 1.3 protocol selection flags (#2850) > Adjust image-build-android concurrency group (#2848) > Prepare AWS-LC v1.65.0 (#2844) > Adjust script to handle other event types (#2845) > Add authorization environments (#2843) > Match req CLI behavior with OpenSSL (#2836) > Bump openssl from 0.10.66 to 0.10.73 in /tests/ci/lambda (#2550) > Add CFI directives in aesv8-armx.pl (#2634) > Add CFI directives to chacha-armv8.pl (#2633) > Set SSL_R_NO_CIPHER_MATCH when failing to set ciphers (#2840) > Guard for __NR_getrandom use (#2834) > Grant OIDC Token Permissions to Top-Level Image Build Workflow (#2837) > Make N1 cpucap a subset of that of V1 and V2 (#2815) > AES-XTS Enc Dec test on rand incremental length inputs (#2795) > Add infrastructure for managing third-party test vectors (#2811) > [SCRUTINICE] Avoid NULL dereference (#2823) > Fix workflow permissions for formal verification & windows (#2831) > Android Docker Image Build (#2830) > Fix HAProxy CI failures (#2829) > Fix OCSP CI failure (#2828) > Refactor the staging repository to make the name consistent for writing IAM policies (#2824) > Fix tpm2-tss CI; update patches (#2827) > Fix apache httpd; keep pytest <7.0 (#2825) > [SCRUTINICE] Fix unchecked return value (#2773) > Fix bind9 CI failure (#2817) > Remove Docker Image build infrastructure from CodePipeline (#2822) > Setup OIDC for exchanging GitHub Token for AWS Credentials (#2819) > Fix openldap; regenerate configure script (#2818) > Remove unused Wycheproof test vectors (#2792) > Disable old Windows jobs (#2812) > Use new images for fuzzing and x509 (#2804) > Prepare release v1.64.0 (#2810) > Ensure HMAC_Init_ex reinitializes data properly (#2806) > Implement more options for req CLI (#2775) > Extend grv asan timeout for Golang to allow completion (#2805) > Rename fork to fork UBE (#2803) > Make poly_chknorm constant flow (#2788) > Support NetBSD (#2754) > Migrate analytics job to be GitHub triggered (#2779) > Use right compiler with ruby CI (#2801) > Migrate to macos-15-intel (#2802) > Bump MySQL version tag to 9.5.0 (#2768) > Rename snapsafe to VM UBE (#2800) > Remove dead code (#2797) > Use GitHub-based Verification Images (#2798) > Add scrutinice pull permissions for aws-lc/amazonlinux repository (#2799) > Support "openssl dhparam" (#2790) > Use C++11 atomics to update session stats (#2786) > GitHub-based Formal Verification Image Build (#2796) > Additional options for "openssl c_client" (#2791) > Remove python codebuild patches (#2793) > Support more "openssl rsa" options (#2777) > ECR Repositories for Android and Formal Verification Images (#2794) > Update max polyz value (#2787) > Prepare release v1.63.0 (#2789) > AES-XTS on AArch64: Set w19 earlier before cipher-stealing of 1 block + tail. (#2785) > Tool util functions in tool_util.cc (#2778) > Failing no-op implementations for several UI functions (#2772) > Ci add rpmbuild job (#2774) > Add compiler to 24.04 docker image (#2783) > Migrate Windows Omnibus to GitHub Workflow (#2780) > Fix Ruby integration CI (#2765) > Fix tpm2-tss CI (#2767) Submodule mountpoint-s3-crt-sys/crt/s2n-tls 30f40f23..3276a087: > Fix unit test build errors under -Werror (#5686) > test(integration): add BoringSSL cohort to expand mTLS coverage (#5659) > test(integration): add rust test for prefer low latency (#5684) > test: confirm errors for no matching parameters (#5679) > fix: incorrect group reported for TLS 1.2 session resumption (#5673) > Fix: Unpin the rust nightly toolchain version (#5682) > Fix: print diagnostics to stdout in s2n_resume_test (#5660) > build(deps): bump cross-platform-actions/action from 0.31.0 to 0.32.0 in /.github/workflows in the all-gha-updates group (#5685) > build(deps): bump the all-gha-updates group across 1 directory with 4 updates (#5675) > test(integration): refactor PQ tests to utilize in-memory harness (#5667) > test(integration): add async cert verify and offload 'stress' test (#5653) > feat: add handshake event (#5635) > chore: Fix increase in Rust unit test timings (#5677) > feat: verify certificate issuer intent by default (#5657) > (chore): Revert "feat(build): Improve OpenSSL libcrypto discovery (#5572)" (#5664) > ci: update clang format version (#5661) > (chore): Rust bindings bump 0.3.32 (#5662) > test: update CRL certs to comply with intent validation (#5651) > feat(build): Improve OpenSSL libcrypto discovery (#5572) > Import Cloudfront PQ TLS Policies (#5539) > ci: add typo check to ci (#5491) > build(deps): bump ytanikin/pr-conventional-commits from 1.4.2 to 1.5.1 in /.github/workflows in the all-gha-updates group (#5656) > fix: refactor negotiate loop to fix issue with async callback (#5641) > tests(integration): cases for TLS 1.3 group selection (#5652) > refactor(tls-harness): use single test pair IO to allow for decryption (#5648) > feat: Ability to set "strongly preferred" groups (#5634) > test(integration): add mTLS integration tests (#5638) > fix: allow for warning level TLS alerts prior to version negotiation (#5646) > chore(bindings-release): s2n-tls v0.3.31 release (#5649) > feat: add additional application context into Connection (#5637) > test(integv2): remove dynamic record sizing test and related cleanup (#5644) > test: add test certs for cert intent validation (#5630) > feat: additional rfc9151 compat policy without sha1 hmac (#5645) > feat: improve performance of getting validated cert chain from libcrypto (#5622) > feat: add rfc9151 compat policies (#5615) > build(deps): bump the all-gha-updates group across 1 directory with 2 updates (#5640) > chore: s2n-tls-hyper version bump (#5636) > chore: Rust bindings release 0.3.30 (#5633) > feat: add client hello random getter (#5620) > fix: enable -Wcast-qual flag for libcrypto=awslc (#4735) > docs: Adds note about serialization error case (#5617) > ci: add rust integration test to codebuild start script (#5623) > test: require both MLKem and MLDsa capabilities for pure MLKEM tests (#5621) > refactor(harness): Extend handshake logic to support TLS 1.2 (#5614) > fix: replace `uint8_t` in for loops (#5619) > ci: move the integnix job to us-west-2 (#5604) > fix(ci): check Amazon copyright statement (#5611) > feat: add pure ML-KEM support (#5586) > ci: exclude `validate-pr-title` from merge queue (#5613) > ci: update cmake version (#5612) > test(integration): add dynamic record sizing test (#5608) > build(deps): bump the all-gha-updates group across 1 directory with 2 updates (#5605) > fix(ci): add `build` to the validate-pr-title CI job (#5610) > ci: PR conventional commit lint GHA (#5603) > docs: add dev docs on handshake and io (#5596) > Revert "feat: basic security policy builder interface (#5493)" (#5599) > docs: update pull request template (#5591) > fix: update memory usage test assertions (#5592) > fix: update action user name (#5600) > feat(integration): enable CodeBuild and Nix for rust integration tests (#5578) > chore: Rust bindings release 0.3.29 (#5595) > refactor: remove unused s2n_socket_set_read_size method (#5594) > docs: comments for blob, stuffer methods (#5326) > test: add memory profiler test (#5329) > ci: scope down GitHub Token permissions (#5570) > build(deps): bump the all-gha-updates group in /.github/workflows with 2 updates (#5585) > refactor: Adds tls13 ciphersuites to default/default_fips policy (#5560) > fix: update test_pq_only policy snapshot (#5583) > feat: add PQ only policy support (#5545) > feat: output utility for security policy (#5502) > fix: update test broken by Openssl dhe generation change (#5580) > ci: pin to older kissat version to unblock CBMC (#5581) > feat: Improve supported cipher suites in RFC9151 policy (#5559) > build(deps): update regex requirement from =1.9.6 to =1.12.1 in /bindings/rust/extended (#5556) > build(deps): update zeroize requirement from =1.7.0 to =1.8.2 in /bindings/rust/extended (#5537) > build(deps): bump the all-gha-updates group across 1 directory with 4 updates (#5548) > docs: update nix integration test instructions for uvinteg function (#5550) > fix(test): Reduce s2n_security_policies_test duration (#5558) > refactor 2/2: Fix security policy version in tests to numbered string (#5553) > fix(aws-kms-tls-auth): supress logging & version bump (#5554) > build(deps): update rtshark requirement from 3.1.0 to 4.0.0 in /tests/pcap in the all-cargo-updates group across 1 directory (#5555) > refactor: add psk receiver (#5552) > refactor 1/2: Fix security policy version in tests to numbered string (#5549) > chore: update bindgen version to v0.69.0 (#5396) > refactor(aws-kms-tls-auth): psk provider using HMAC psks (#5530) > chore(bindings): revert dependency pins (#5544) > fix: validate protocol version during connection deserialization (#5523) > chore: add new team member (#5542) > chore: bindings release 0.3.28 (#5540) > feat(bindings): expose cert validation callback (#5357) > bindings(rust): bump extended crates MSRV to 1.72.0 (#5534) > fix(usage-guide): Update book.toml for mdbook 0.5 release (#5535) > chore: bindings release 0.3.27 (#5526) > refactor(aws-kms-tls-auth): add hmac based psk derivation (#5519) > ci: install missing rust component for gitthub action workflows (#5528) > docs: Small doc changes for KTLS (#5521) ``` </details> ### Does this change impact existing behavior? No. ### Does this change need a changelog entry? Does it require a version change? Yes. --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the [Developer Certificate of Origin (DCO)](https://developercertificate.org/). --------- Signed-off-by: Alessandro Passaro <[email protected]>
1 parent 763ac0f commit 8ed4ae4

File tree

17 files changed

+18
-14
lines changed

17 files changed

+18
-14
lines changed

Cargo.lock

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

mountpoint-s3-client/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
## Unreleased (v0.19.6)
22

33
* Upgrade cargo dependencies.
4+
* Update to latest CRT dependencies.
45

56
## v0.19.5 (December 22, 2025)
67

mountpoint-s3-crt-sys/CHANGELOG.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
1-
## Unreleased (v0.15.4)
1+
## Unreleased (v0.16.0)
22

33
* Upgrade cargo dependencies.
4+
* Update to latest CRT dependencies.
45

56
## v0.15.3 (October 30, 2025)
67

mountpoint-s3-crt-sys/Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
[package]
22
name = "mountpoint-s3-crt-sys"
33
# See `/doc/PUBLISHING_CRATES.md` to read how to publish new versions.
4-
version = "0.15.4"
4+
version = "0.16.0"
55
edition = "2024"
66
license = "Apache-2.0"
77
repository = "https://github.com/awslabs/mountpoint-s3"

mountpoint-s3-crt-sys/crt/aws-c-auth

Submodule aws-c-auth updated 32 files

mountpoint-s3-crt-sys/crt/aws-c-cal

mountpoint-s3-crt-sys/crt/aws-c-common

mountpoint-s3-crt-sys/crt/aws-c-compression

mountpoint-s3-crt-sys/crt/aws-c-http

Submodule aws-c-http updated 31 files

mountpoint-s3-crt-sys/crt/aws-c-io

0 commit comments

Comments
 (0)